dropbear -- arbitrary code execution

Details

VuXML ID

eba70db4-6640-11e1-98af-00262d8b701d

Discovery

2012-02-22

Entry

2012-03-04

The Dropbear project reports:

Dropbear SSH Server could allow a remote authenticated attacker
to execute arbitrary code on the system, caused by a use-after-
free error. If a command restriction is enforced, an attacker
could exploit this vulnerability to execute arbitrary code on
the system with root privileges.